pwn 0.5.617 → 0.5.618

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +95 -85
  3. data/README.md.bak +200 -0
  4. data/documentation/AI-Integration.md +42 -26
  5. data/documentation/AWS.md +57 -0
  6. data/documentation/Agent-Tool-Registry.md +56 -0
  7. data/documentation/Banner.md +17 -0
  8. data/documentation/Blockchain.md +18 -0
  9. data/documentation/Bounty.md +21 -0
  10. data/documentation/BurpSuite.md +41 -16
  11. data/documentation/CLI-Drivers.md +58 -0
  12. data/documentation/Configuration.md +66 -0
  13. data/documentation/Contributing.md +33 -19
  14. data/documentation/Cron.md +47 -0
  15. data/documentation/Drivers.md +43 -16
  16. data/documentation/Extrospection.md +54 -0
  17. data/documentation/FFI.md +14 -0
  18. data/documentation/Fuzzing.md +36 -0
  19. data/documentation/Hardware.md +40 -0
  20. data/documentation/Metasploit.md +34 -0
  21. data/documentation/NmapIt.md +18 -12
  22. data/documentation/PWN.png +0 -0
  23. data/documentation/PWN_Contributors_and_Users.png +0 -0
  24. data/documentation/Persistence.md +38 -0
  25. data/documentation/Plugins.md +97 -47
  26. data/documentation/Reporting.md +25 -18
  27. data/documentation/SAST.md +39 -22
  28. data/documentation/SDR.md +40 -0
  29. data/documentation/Sessions.md +39 -0
  30. data/documentation/Skills-Memory-Learning.md +49 -29
  31. data/documentation/Swarm.md +71 -0
  32. data/documentation/Transparent-Browser.md +26 -22
  33. data/documentation/Troubleshooting.md +44 -25
  34. data/documentation/WWW.md +32 -0
  35. data/documentation/diagrams/agent-tool-registry.svg +284 -0
  36. data/documentation/diagrams/aws-cloud-security.svg +166 -0
  37. data/documentation/diagrams/cron-scheduling.svg +148 -0
  38. data/documentation/diagrams/dot/hardware-hacking.dot +48 -0
  39. data/documentation/diagrams/dot/persistence-filesystem.dot +29 -0
  40. data/documentation/diagrams/extrospection-world-awareness.svg +185 -0
  41. data/documentation/diagrams/hardware-hacking.svg +163 -0
  42. data/documentation/diagrams/persistence-filesystem.svg +174 -0
  43. data/documentation/diagrams/sdr-radio-flow.svg +146 -0
  44. data/documentation/diagrams/swarm-multi-agent.svg +225 -0
  45. data/documentation/fax-spectrogram.png +0 -0
  46. data/documentation/fax-waveform.png +0 -0
  47. data/documentation/pwn-REPL.md +40 -24
  48. data/documentation/pwn-ai-Agent.md +59 -30
  49. data/documentation/pwn_android_war_dialer_session.png +0 -0
  50. data/documentation/pwn_install.png +0 -0
  51. data/documentation/pwn_wallpaper.jpg +0 -0
  52. data/documentation/ringing-spectrogram.png +0 -0
  53. data/documentation/ringing-waveform.png +0 -0
  54. data/lib/pwn/version.rb +1 -1
  55. data/third_party/pwn_rdoc.jsonl +22 -5
  56. metadata +39 -1
@@ -1,18 +1,24 @@
1
- # NmapIt
1
+ # `PWN::Plugins::NmapIt`
2
2
 
3
- `PWN::Plugins::NmapIt` provides a convenient Ruby wrapper around Nmap for reconnaissance.
3
+ Thin, composable wrapper over `nmap` with structured XML parsing.
4
4
 
5
- ## Features
5
+ ![Network & infra testing](diagrams/network-infra-testing.svg)
6
6
 
7
- - Easy target specification (hosts, ranges, CIDR)
8
- - Parsing of XML output into usable Ruby structures
9
- - Service version detection, script execution support
10
- - Integration with other plugins (e.g. feed into TransparentBrowser or Shodan)
7
+ ```ruby
8
+ r = PWN::Plugins::NmapIt.port_scan(
9
+ target: '10.0.0.0/24',
10
+ ports: '1-1024',
11
+ service_scan: true,
12
+ script: 'default,vuln',
13
+ output_xml: '/tmp/scan.xml'
14
+ )
15
+ r[:hosts].each { |h| puts "#{h[:ip]} → #{h[:ports].map { |p| p[:portid] }}" }
16
+ ```
11
17
 
12
- Commonly used early in agent workflows:
18
+ CLI: `pwn_nmap_discover_tcp_udp -t 10.0.0.0/24 -o out/`
13
19
 
14
- > "Run NmapIt against 10.0.0.0/24, identify web services, then spider with TransparentBrowser."
20
+ Pairs with `extro_observe` to persist banners for later
21
+ [correlation](Extrospection.md), and with `PWN::Plugins::Sock` /
22
+ `PWN::Plugins::Metasploit` for follow-up.
15
23
 
16
- See source in `lib/pwn/plugins/nmap_it.rb`.
17
-
18
- [[Diagrams]]
24
+ [← Home](Home.md) · [Plugins](Plugins.md)
Binary file
@@ -0,0 +1,38 @@
1
+ # `~/.pwn/` — Persistence Map
2
+
3
+ Every byte PWN remembers between processes lives here.
4
+
5
+ ![~/.pwn map](diagrams/persistence-filesystem.svg)
6
+
7
+ | Path | Owner | Format | Reset tool | Purpose |
8
+ |---|---|---|---|---|
9
+ | `config.yml` | `PWN::Config` | YAML | edit by hand | engines, keys, agent options |
10
+ | `memory.json` | `PWN::Memory` | JSON array | `memory_clear` | facts · prefs · lessons · env — injected into every prompt |
11
+ | `skills/*.md` | `PWN::Config.load_skills` | Markdown + YAML front-matter | `skill_delete` | reusable procedures + `references:` (CWE/CVE/ATT&CK/NIST) |
12
+ | `learning.jsonl` | `PWN::AI::Agent::Learning` | JSON-per-line | `learning_reset` | task outcome log → success_rate |
13
+ | `metrics.json` | `PWN::AI::Agent::Metrics` | JSON | `metrics_reset` | per-tool calls · success · avg_duration · last_error |
14
+ | `extrospection.json` | `PWN::AI::Agent::Extrospection` | JSON | `extro_reset` | host snapshot + previous baseline + observations[] |
15
+ | `sessions/*.jsonl` | `PWN::Sessions` | JSON-per-line | `sessions_delete` | full transcript per pwn-ai run |
16
+ | `cron/jobs.yml` | `PWN::Cron` | YAML | `cron_remove` | scheduled prompt/ruby/script jobs |
17
+ | `cron/log/*.log` | `PWN::Cron` | text | rm | last_run output |
18
+ | `agents.yml` | `PWN::AI::Agent::Swarm` | YAML | edit / `agent_spawn` | persona registry |
19
+ | `swarm/<id>/bus.jsonl` | `Swarm` | JSON-per-line | rm -rf | append-only multi-agent chat |
20
+ | `swarm/<id>/personas.json` | `Swarm` | JSON | rm | persona → session_id map |
21
+ | `~/.pwn_history` | Pry | text | rm | REPL input history |
22
+
23
+ ## Back it up
24
+
25
+ ```bash
26
+ tar czf pwn-state-$(date +%F).tgz -C "$HOME" .pwn
27
+ ```
28
+
29
+ ## Start fresh for a new engagement
30
+
31
+ ```ruby
32
+ # inside pwn-ai — keeps config & skills, wipes engagement-specific state
33
+ extro_reset(confirm: true) # host snapshot + observations
34
+ learning_reset(confirm: true) # task outcomes (optional)
35
+ metrics_reset(confirm: true) # tool telemetry (optional)
36
+ ```
37
+
38
+ [← Home](Home.md) · [Configuration](Configuration.md)
@@ -1,59 +1,109 @@
1
- # Plugins
1
+ # `PWN::Plugins` — All 66 Modules
2
2
 
3
- PWN ships with **66+** plugins under `PWN::Plugins::*`.
3
+ Every plugin is a plain Ruby module of `public_class_method def self.x(opts = {})`
4
+ methods with self-documenting `.help`. Source: `lib/pwn/plugins/*.rb`.
4
5
 
5
- ## Browsing Plugins
6
+ ![Plugin ecosystem](diagrams/plugin-ecosystem.svg)
7
+
8
+ ## Discover in the REPL
6
9
 
7
10
  ```ruby
8
11
  PWN::Plugins.constants.sort
9
- PWN::Plugins::BurpSuite.methods(false).sort # preferred web proxy/scanner
12
+ PWN::Plugins::BurpSuite.help
13
+ ls PWN::Plugins::NmapIt
14
+ show-source PWN::Plugins::Fuzz.generate
10
15
  ```
11
16
 
12
- ## Major Categories & Highlights
13
-
14
- ### Web / Proxy / Scanning
15
- - **burp_suite** (preferred) — Headless + live interaction with Burp Suite Professional
16
- - **zaproxy** — OWASP ZAP support (fallback)
17
- - **transparent_browser** — Headless/visible browser automation, spidering, JS execution
18
- - **spider**
19
- - **nmap_it** — Nmap wrapper + parsing
20
- - **nessus_cloud**, **nexpose_vuln_scan**, **openvas**
21
-
22
- ### Exploitation & Post-Exploitation
23
- - **metasploit**
24
- - **assembly**
25
- - **fuzz**
26
- - **packet**
27
- - **beef** (Browser Exploitation Framework)
28
- - **tor**
29
-
30
- ### Recon / OSINT
31
- - **shodan**
32
- - **hunter**
33
- - **ip_info**
34
- - **github**
35
- - **hacker_one**
36
-
37
- ### Data & Auth
38
- - **authentication_helper**, **basic_auth**, **oauth2**
39
- - **dao_ldap**, **dao_mongo**, **dao_postgres**, **dao_sqlite3**
40
- - **vault**
41
-
42
- ### Mobile / Hardware / Misc
43
- - **android**
44
- - **serial**, **bus_pirate**, **msr206**
45
- - **ocr**, **pdf_parse**, **voice**
46
- - **blockchain**, **bounty** (HackerOne), **defect_dojo**
17
+ ## By category
47
18
 
48
- ### Utility
49
- - **file_fu**, **json_pathify**, **log**, **pwn_logger**, **thread_pool**
50
- - **monkey_patch**, **xxd**, **char**, **vin**, **ssn**, **credit_card**
19
+ ### Web / Proxy / Browser
20
+ | Module | Purpose | Doc |
21
+ |---|---|---|
22
+ | **`BurpSuite`** ⭐ | Headless + REST control of Burp Pro; active/passive scan | [BurpSuite](BurpSuite.md) |
23
+ | `Zaproxy` | OWASP ZAP (fallback) | — |
24
+ | **`TransparentBrowser`** | Watir/Chrome headless or visible; devtools; proxy-aware | [Transparent-Browser](Transparent-Browser.md) |
25
+ | `Spider` | Recursive crawler | — |
26
+ | `OpenAPI` | Swagger/OpenAPI parse + fuzz targets | — |
27
+ | `URIScheme` | URI helpers | — |
28
+
29
+ ### Network
30
+ | Module | Purpose | Doc |
31
+ |---|---|---|
32
+ | **`NmapIt`** | Nmap wrapper + XML parse | [NmapIt](NmapIt.md) |
33
+ | `Sock` | Raw TCP/UDP client; banner grab | — |
34
+ | `Packet` | Craft/sniff L2/L3 (PacketFu) | — |
35
+ | `Tor` | Start/rotate Tor for egress | — |
36
+ | `IPInfo` | Geo/ASN lookup | — |
37
+
38
+ ### Exploitation
39
+ | Module | Purpose | Doc |
40
+ |---|---|---|
41
+ | **`Metasploit`** | msfrpcd client; run modules; sessions | [Metasploit](Metasploit.md) |
42
+ | **`Fuzz`** | Mutation/generation fuzzer | [Fuzzing](Fuzzing.md) |
43
+ | `BeEF` | Browser Exploitation Framework hooks | — |
44
+ | `Assembly` | asm ↔ opcodes (multi-arch, keystone/capstone) | — |
45
+
46
+ ### OSINT / Recon
47
+ | Module | Purpose |
48
+ |---|---|
49
+ | `Shodan` | host/search/GraphQL introspection |
50
+ | `Hunter` | email discovery |
51
+ | `Github` | code/secret search |
52
+ | `HackerOne` | program/report API |
53
+
54
+ ### Data Access / Parsing
55
+ | Module | Purpose |
56
+ |---|---|
57
+ | `DAOLdap` · `DAOMongo` · `DAOPostgres` · `DAOSqlite3` | DB clients |
58
+ | `JSONPathify` | JSONPath query |
59
+ | `PDFParse` · `OCR` | document extraction |
60
+ | `ScannableCodes` | QR/barcode gen/read |
51
61
 
52
- Full list (current as of build):
53
- `android assembly authentication_helper baresip basic_auth beef black_duck_binary_analysis burp_suite bus_pirate char credit_card dao_ldap dao_mongo dao_postgres dao_sqlite3 defect_dojo detect_os ein file_fu fuzz git github hacker_one hunter ip_info irc jenkins jira_data_center json_pathify log mail_agent metasploit monkey_patch msr206 nessus_cloud nexpose_vuln_scan nmap_it oauth2 ocr open_api openvas packet pdf_parse pony ps pwn_logger rabbit_mq repl scannable_codes serial shodan slack_client sock spider ssn thread_pool tor transparent_browser twitter_api uri_scheme vault vin voice vsphere xxd zaproxy`
62
+ ### Auth / Secrets
63
+ | Module | Purpose |
64
+ |---|---|
65
+ | `OAuth2` · `BasicAuth` · `AuthenticationHelper` | credential flows |
66
+ | `Vault` | HashiCorp Vault |
67
+
68
+ ### Hardware / Physical
69
+ | Module | Purpose | Doc |
70
+ |---|---|---|
71
+ | `Serial` · `BusPirate` | UART/SPI/I²C | [Hardware](Hardware.md) |
72
+ | `MSR206` | magstripe reader/writer | [Hardware](Hardware.md) |
73
+ | `Android` | adb push/pull/shell/screencap | [Hardware](Hardware.md) |
74
+ | `BareSIP` · `Voice` | VoIP war-dialing / TTS | [Hardware](Hardware.md) |
75
+
76
+ ### CI / DevOps / Vuln-Mgmt
77
+ | Module | Purpose |
78
+ |---|---|
79
+ | `Jenkins` | jobs/views/plugins/users |
80
+ | `Git` | repo helpers |
81
+ | `vSphere` | VMware inventory |
82
+ | `DefectDojo` | import/reimport findings |
83
+ | `BlackDuckBinaryAnalysis` | SBOM + CVE match |
84
+ | `NessusCloud` · `NexposeVulnScan` · `OpenVAS` | commercial/OSS scanners |
85
+ | `JiraDataCenter` | ticket findings |
86
+
87
+ ### Comms
88
+ | Module | Purpose |
89
+ |---|---|
90
+ | `MailAgent` · `Pony` | SMTP send |
91
+ | `SlackClient` · `IRC` · `TwitterAPI` | chat/notify |
92
+ | `RabbitMQ` | AMQP |
93
+
94
+ ### Utility
95
+ `FileFu` · `ThreadPool` · `Log` · `PwnLogger` · `Char` · `XXD` · `DetectOS` ·
96
+ `CreditCard` · `SSN` · `EIN` · `VIN` · `PS` · `MonkeyPatch` · `REPL`
54
97
 
55
- Each plugin has self-documenting method signatures viewable via the REPL or source in `lib/pwn/plugins/`.
98
+ ## Full alphabetical list
56
99
 
57
- See individual plugin pages or source for details. Many plugins accept common options and return rich Ruby objects.
100
+ `Android Assembly AuthenticationHelper BareSIP BasicAuth BeEF
101
+ BlackDuckBinaryAnalysis BurpSuite BusPirate Char CreditCard DAOLdap DAOMongo
102
+ DAOPostgres DAOSqlite3 DefectDojo DetectOS EIN FileFu Fuzz Git Github
103
+ HackerOne Hunter IPInfo IRC Jenkins JiraDataCenter JSONPathify Log MailAgent
104
+ Metasploit MonkeyPatch MSR206 NessusCloud NexposeVulnScan NmapIt OAuth2 OCR
105
+ OpenAPI OpenVAS Packet PDFParse Pony PS PwnLogger RabbitMQ REPL ScannableCodes
106
+ Serial Shodan SlackClient Sock Spider SSN ThreadPool Tor TransparentBrowser
107
+ TwitterAPI URIScheme Vault VIN Voice Vsphere XXD Zaproxy`
58
108
 
59
- [[Diagrams]]
109
+ [← Home](Home.md) · [Diagrams](Diagrams.md)
@@ -1,28 +1,35 @@
1
- # Reporting
1
+ # `PWN::Reports` — Findings Pipeline
2
2
 
3
- `PWN::Reports` generates structured output from scans, agent runs, SAST results, and manual findings.
3
+ ![Reporting pipeline](diagrams/reporting-pipeline.svg)
4
4
 
5
- ## Capabilities
5
+ ## Generators (`lib/pwn/reports/*.rb`)
6
6
 
7
- - Vulnerability report templating (Markdown + other formats)
8
- - Integration with defect trackers (`PWN::Plugins::DefectDojo`, Jira, etc.)
9
- - Automated report generation after agent tasks or plugin runs
10
- - Custom report drivers
7
+ | Module | Consumes | Emits |
8
+ |---|---|---|
9
+ | `Reports::SAST` | `PWN::SAST::Factory` output | HTML (with `HTMLHeader`/`HTMLFooter`) + JSON |
10
+ | `Reports::Fuzz` | `PWN::Plugins::Fuzz` crash log | HTML + JSON |
11
+ | `Reports::URIBuster` | `pwn_www_uri_buster` output | HTML |
12
+ | `Reports::Phone` | `PWN::Plugins::BareSIP` recon | HTML |
13
+ | `Reports::HTMLHeader` / `HTMLFooter` | — | shared chrome for all HTML reports |
11
14
 
12
- ## Template
15
+ ## Delivery integrations
13
16
 
14
- See example report templates in the PWN repo (or generate with `PWN::Reports`). Full pipeline in [Diagrams](Diagrams.md).
17
+ | Plugin | Purpose |
18
+ |---|---|
19
+ | `PWN::Plugins::DefectDojo` | `importscan` / `reimportscan` / `engagement_create` (also `bin/pwn_defectdojo_*`) |
20
+ | `PWN::Plugins::JiraDataCenter` | Create issues from findings |
21
+ | `PWN::Plugins::SlackClient` / `MailAgent` | Notify |
15
22
 
16
- ## Usage Patterns
17
-
18
- Typically invoked at the end of reconnaissance → scanning → exploitation → analysis workflows:
23
+ ## Example
19
24
 
20
25
  ```ruby
21
- PWN::Reports.generate(...)
26
+ findings = PWN::SAST::Factory.start(dir_path: './src')
27
+ PWN::Reports::SAST.generate(
28
+ dir_path: './src', results_hash: findings, output_dir: './out'
29
+ )
30
+ PWN::Plugins::DefectDojo.importscan(
31
+ engagement_id: 42, file: './out/report.json', scan_type: 'PWN SAST'
32
+ )
22
33
  ```
23
34
 
24
- The `pwn-ai` agent is frequently instructed to "analyze findings and produce a report."
25
-
26
- Combined with `PWN::Plugins::HackerOne` / bounty modules for streamlined disclosure workflows.
27
-
28
- [[Diagrams]]
35
+ [← Home](Home.md) · [SAST](SAST.md) · [Fuzzing](Fuzzing.md)
@@ -1,32 +1,49 @@
1
- # SAST (Static Application Security Testing)
1
+ # `PWN::SAST` Static Application Security Testing
2
2
 
3
- `PWN::SAST` provides a growing collection of static analysis signatures and test case generators.
3
+ 48 language-aware rule modules + a `TestCaseEngine` + a `Factory` loader.
4
+ Source: `lib/pwn/sast/*.rb`. CLI: `bin/pwn_sast`.
4
5
 
5
- ## Location
6
+ ![SAST pipeline](diagrams/code-scanning-sast.svg)
6
7
 
7
- `lib/pwn/sast/` one file per vulnerability class or mechanism.
8
+ ## Run it
8
9
 
9
- ## Current Coverage (examples)
10
-
11
- - Command execution (multiple languages)
12
- - Deserialization (Java, etc.)
13
- - Eval / dangerous functions
14
- - CSRF, redirect, inner HTML, postMessage issues
15
- - Log4j, ReDoS, path traversal patterns
16
- - Credential / secret patterns (keystore, passwords, AWS keys)
17
- - Modern issues: prototype pollution, etc.
18
- - Custom signature engine + factory
19
-
20
- ## Usage
10
+ ```bash
11
+ # CLI driver
12
+ pwn_sast -d /path/to/src -o /tmp/sast_out
13
+ ```
21
14
 
22
15
  ```ruby
23
- PWN::SAST.constants
24
- PWN::SAST::TestCaseEngine.generate(...)
25
- # Or call specific check modules
16
+ # REPL / pwn_eval
17
+ findings = PWN::SAST::Factory.start(dir_path: '/path/to/src')
18
+ PWN::Reports::SAST.generate(dir_path: '/path/to/src',
19
+ results_hash: findings,
20
+ output_dir: '/tmp/sast_out')
26
21
  ```
27
22
 
28
- SAST results feed directly into reporting and can be orchestrated by the `pwn-ai` agent or custom drivers.
23
+ ## Rule families (48 modules)
24
+
25
+ | Family | Modules |
26
+ |---|---|
27
+ | **Command execution** | `CmdExecutionJava` · `CmdExecutionPython` · `CmdExecutionRuby` · `CmdExecutionGoLang` · `CmdExecutionScala` · `Shell` · `Sudo` |
28
+ | **Web / DOM** | `CSRF` · `Redirect` · `ReDOS` · `InnerHTML` · `OuterHTML` · `LocationHash` · `WindowLocationHash` · `PostMessage` · `LocalStorage` · `BeefHook` |
29
+ | **Injection / eval** | `SQL` · `Eval` · `DeserialJava` · `Log4J` · `PHPInputMechanisms` · `PHPTypeJuggling` · `TypeScriptTypeJuggling` |
30
+ | **Crypto / secrets** | `MD5` · `SSL` · `Keystore` · `PaddingOracle` · `PrivateKey` · `Signature` · `Token` · `Password` · `Base64` · `HTTPAuthorizationHeader` |
31
+ | **Memory / native** | `BannedFunctionCallsC` · `UseAfterFree` |
32
+ | **Infra / meta** | `AWS` · `AMQPConnectAsGuest` · `ApacheFileSystemUtilAPI` · `PomVersion` · `Version` · `Port` · `Logger` · `ThrowErrors` · `TaskTag` · `Emoticon` |
33
+ | **Engine** | `Factory` (loader) · `TestCaseEngine` (probe generator) |
34
+
35
+ ## Write a rule
36
+
37
+ Each rule implements `self.scan(opts = {})` taking `dir_path:` and returning an
38
+ array of `{file:, line:, match:, cwe:, severity:}` hashes. Copy any existing
39
+ rule in `lib/pwn/sast/`, add your regex/AST logic, and it's auto-loaded by
40
+ `Factory`.
41
+
42
+ ## Downstream
43
+
44
+ `PWN::Reports::SAST` → HTML + JSON → `PWN::Plugins::DefectDojo.importscan` →
45
+ `PWN::Plugins::JiraDataCenter` tickets.
29
46
 
30
- See `lib/pwn/sast/` source for the full and growing list of modules.
47
+ **See also:** [Reporting](Reporting.md) · [CLI Drivers](CLI-Drivers.md)
31
48
 
32
- [[Diagrams]]
49
+ [← Home](Home.md)
@@ -0,0 +1,40 @@
1
+ # `PWN::SDR` — Software-Defined Radio & RF
2
+
3
+ ![SDR flow](diagrams/sdr-radio-flow.svg)
4
+
5
+ ## Modules (`lib/pwn/sdr/*.rb`)
6
+
7
+ | Module | Purpose |
8
+ |---|---|
9
+ | **`GQRX`** | Remote-control a running GQRX instance over TCP: tune, set demod, squelch, record, `get_spectrum_snapshot` (pure-Ruby FFT), scan ranges |
10
+ | `FlipperZero` | Serial control of Flipper (sub-GHz, NFC, IR, iButton) |
11
+ | `RFIDler` | 125 kHz RFID reader/emulator |
12
+ | `SonMicroRFID` | SM130 13.56 MHz reader |
13
+ | `FrequencyAllocation` | ITU/FCC band-plan lookup — "what lives at 433.92 MHz?" |
14
+ | `Decoder::*` | Demodulator/protocol helpers |
15
+
16
+ ## CLI
17
+
18
+ ```bash
19
+ pwn_gqrx_scanner --start 430e6 --stop 440e6 --step 12.5e3 --mode fast
20
+ pwn_gqrx_scanner --start 118e6 --stop 137e6 --mode iterative --squelch -60
21
+ ```
22
+
23
+ See skill `pwn_gqrx_scanner_fast_vs_iterative_scanning` for the trade-off.
24
+
25
+ ## REPL example
26
+
27
+ ```ruby
28
+ g = PWN::SDR::GQRX.connect(host: '127.0.0.1', port: 7356)
29
+ PWN::SDR::GQRX.set_freq(gqrx_sock: g, freq: 433_920_000)
30
+ PWN::SDR::GQRX.set_demod(gqrx_sock: g, demod: 'AM')
31
+ snap = PWN::SDR::GQRX.get_spectrum_snapshot(gqrx_sock: g)
32
+ PWN::SDR::FrequencyAllocation.lookup(freq: 433_920_000)
33
+ # => { band: 'ISM 433', typical: ['garage doors', 'weather stations', …] }
34
+ ```
35
+
36
+ Record signal intel with `extro_observe(source: 'gqrx', category: 'recon', …)`.
37
+
38
+ **See also:** [Hardware](Hardware.md) · [Extrospection](Extrospection.md)
39
+
40
+ [← Home](Home.md)
@@ -0,0 +1,39 @@
1
+ # Sessions — Transcript Persistence
2
+
3
+ Every `pwn-ai` conversation (top-level *and* per-persona in a Swarm) is
4
+ appended as JSON-per-line to `~/.pwn/sessions/<id>.jsonl`.
5
+
6
+ ![Sessions ↔ Cron ↔ Swarm](diagrams/sessions-cron-automation.svg)
7
+
8
+ ## Why keep transcripts?
9
+
10
+ - `learning_reflect(session_id:)` mines them for durable lessons → Memory.
11
+ - `learning_distill_skill(name:, session_id:)` turns a winning run into a
12
+ reusable Skill.
13
+ - `sessions_view` lets you (or a later agent) re-read exactly what happened.
14
+ - Swarm maps each persona to its own session so its private context survives
15
+ across `agent_ask` calls.
16
+
17
+ ## Tools
18
+
19
+ | Tool | Purpose |
20
+ |---|---|
21
+ | `sessions_current` | The id *this* conversation is being written to |
22
+ | `sessions_list(limit:)` | Newest-first index (id · size · mtime · lines) |
23
+ | `sessions_view(session_id:, truncate:)` | Read entries |
24
+ | `sessions_delete(session_id:)` | Prune noisy/dev transcripts so `reflect` corpus stays clean |
25
+ | `sessions_stats` | totals across the whole directory |
26
+
27
+ ## File format
28
+
29
+ ```json
30
+ {"role":"system","ts":"2026-07-07T22:08:02Z","content":"…"}
31
+ {"role":"user","ts":"…","content":"…"}
32
+ {"role":"assistant","ts":"…","content":"…","tool_calls":[…]}
33
+ {"role":"tool","ts":"…","name":"shell","content":"…"}
34
+ ```
35
+
36
+ **See also:** [Skills, Memory & Learning](Skills-Memory-Learning.md) ·
37
+ [Swarm](Swarm.md) · [Persistence](Persistence.md)
38
+
39
+ [← Home](Home.md)
@@ -1,44 +1,64 @@
1
- # Skills, Memory & Learning
1
+ # Memory · Skills · Learning · Metrics — Introspection
2
2
 
3
- One of PWN's most powerful features is its self-improving closed loop.
3
+ The **inward-facing** half of the pwn-ai feedback loop: how the agent measures
4
+ its own performance and turns wins into permanent capability.
4
5
 
5
- ## Memory (`PWN::Memory`)
6
+ ![Memory / Skills detail](diagrams/memory-skills-detailed.svg)
6
7
 
7
- Persistent facts, preferences, lessons, and environment data stored in `~/.pwn/memory.json`.
8
+ ## The four stores
8
9
 
9
- Use from REPL / agent:
10
- - `PWN::Memory.remember(key, value, category: :fact)`
11
- - `PWN::Memory.recall(query)`
10
+ | Store | File | Write tool | Read tool | Injected as |
11
+ |---|---|---|---|---|
12
+ | **Memory** | `memory.json` | `memory_remember` | `memory_recall` | `MEMORY` block — durable facts / prefs / lessons / env |
13
+ | **Skills** | `skills/*.md` | `skill_create` · `learning_distill_skill` | `skill_list` · `skill_view` | `SKILLS` list — reusable procedures + `references:` (CWE/CVE/ATT&CK/NIST/URL) |
14
+ | **Learning** | `learning.jsonl` | `learning_note_outcome` · `learning_reflect` | `learning_outcomes` · `learning_stats` | `LEARNING` block — recent outcomes + success_rate |
15
+ | **Metrics** | `metrics.json` | *automatic* (every Dispatch) | `metrics_summary` | `TOOL EFFECTIVENESS` block — steer tool choice |
12
16
 
13
- Injected into every future `pwn-ai` session.
17
+ ## The lifecycle of a lesson
14
18
 
15
- ## Skills
19
+ ```text
20
+ 1. Dispatch runs a tool → Metrics.record(tool, ok?, ms)
21
+ 2. Final answer produced → Learning.auto_reflect(session_id)
22
+ 3. Reflect finds a durable insight → Memory.remember(lesson_xxxx, …)
23
+ 4. A whole workflow succeeded → Learning.distill_skill(name, session_id, references:)
24
+ 5. Next launch: PromptBuilder injects all four blocks → the model already knows.
25
+ ```
16
26
 
17
- Reusable, versionable markdown procedures stored in `~/.pwn/skills/`.
27
+ ## Skill file format
18
28
 
19
- - Created automatically via distillation of successful agent runs.
20
- - Manually via `skill_create` or editing YAML+markdown files.
21
- - Contain front-matter `references:` (CWE, CVE, ATT&CK, NIST, URLs).
22
- - Exposed to the agent and listed via `skill_list` / `skill_view`.
29
+ ```markdown
30
+ ---
31
+ references:
32
+ - CWE-89
33
+ - T1190
34
+ - https://portswigger.net/web-security/sql-injection
35
+ ---
36
+ # sqli_union_enum
23
37
 
24
- Example skills:
25
- - `deep_exploitation`
26
- - `vulnerability_research_fundamentals`
27
- - `xai_grok_oauth_device_flow`
38
+ 1. Confirm injection with `' AND 1=1 --`.
39
+ 2. Find column count with `ORDER BY n`.
40
+ 3.
28
41
 
29
- ## Learning Loop
42
+ ## References
43
+ - CWE-89
44
+ - T1190
45
+ ```
30
46
 
31
- - `PWN::AI::Agent::Metrics` per-tool success rate + duration (`~/.pwn/metrics.json`)
32
- - `PWN::AI::Agent::Learning` — outcomes, reflections, skill distillation (`~/.pwn/learning.jsonl`)
33
- - Successful workflows become durable skills available to all future sessions.
47
+ `PWN::Config.parse_skill_references` reads both the YAML front-matter **and**
48
+ the `## References` section, deduplicates, and exposes them via
49
+ `skill_view(name)[:references]`.
34
50
 
35
- ## Management Commands (REPL)
51
+ ## Housekeeping
36
52
 
37
- - `pwn-ai-memory`
38
- - `pwn-ai-sessions`
39
- - `pwn-ai-cron`
40
- - `skill_list`, `skill_view`, `skill_create`, `skill_add_reference`
53
+ | Tool | When |
54
+ |---|---|
55
+ | `learning_consolidate(max_entries: 200)` | MEMORY block getting long/noisy |
56
+ | `learning_reset(confirm: true)` | dev-experiment noise polluted success_rate |
57
+ | `metrics_reset(confirm: true)` | fixed a broken tool; stale 0 % is misleading |
58
+ | `skill_delete(name)` | auto-distilled skill turned out low-quality |
59
+ | `learning_auto_reflect_toggle(enabled: false)` | during noisy fuzz loops |
41
60
 
42
- This system turns one-off wins into institutional knowledge.
61
+ **See also:** [Extrospection](Extrospection.md) the outward-facing half ·
62
+ [Sessions](Sessions.md) · [Persistence](Persistence.md)
43
63
 
44
- [[Diagrams]]
64
+ [← Home](Home.md)
@@ -0,0 +1,71 @@
1
+ # Swarm — Native Multi-Agent Orchestration
2
+
3
+ `PWN::AI::Agent::Swarm` replaces the legacy `pwn-irc` (inspircd + weechat +
4
+ PRIVMSG) transport with **first-class sub-agents** built directly on
5
+ `PWN::AI::Agent::Loop`. Each persona is a *full* tool-calling agent — Memory,
6
+ Skills, Learning, Metrics and Extrospection all apply — so the
7
+ self-improvement loop covers the whole swarm.
8
+
9
+ ![Swarm](diagrams/swarm-multi-agent.svg)
10
+
11
+ ## Files
12
+
13
+ | Path | Contains |
14
+ |---|---|
15
+ | `~/.pwn/agents.yml` | Persona registry (name → role/engine/toolsets/max_iters) |
16
+ | `~/.pwn/swarm/<id>/bus.jsonl` | Append-only chat every persona reads/writes |
17
+ | `~/.pwn/swarm/<id>/personas.json` | persona name → `PWN::Sessions` id |
18
+
19
+ No daemon. Cross-session / cross-process communication == another `pwn-ai` (or
20
+ a `PWN::Cron` job) calling `Swarm.ask` with the same `swarm_id`.
21
+
22
+ ## Define personas
23
+
24
+ ```ruby
25
+ agent_spawn(name: 'red_team',
26
+ role: 'Offensive operator. Propose the most aggressive next step.',
27
+ engine: 'grok',
28
+ toolsets: %w[terminal pwn memory skills extrospection])
29
+
30
+ agent_spawn(name: 'blue_team',
31
+ role: 'Defender. Critique red_team, flag detection risk & OPSEC.',
32
+ engine: 'anthropic',
33
+ toolsets: %w[pwn memory extrospection])
34
+ ```
35
+
36
+ > Omit `swarm` from a persona's toolsets to stop it recursively spawning
37
+ > further sub-agents. Recursion is also hard-capped by
38
+ > `PWN::Env[:ai][:agent][:max_depth]` (default 3).
39
+
40
+ ## Verbs
41
+
42
+ | Tool | Use for |
43
+ |---|---|
44
+ | `agent_list` | See who's defined |
45
+ | `agent_spawn` | Define / overwrite a persona |
46
+ | `agent_ask(name, request)` | One turn of one persona → reply comes back to *you* |
47
+ | `agent_debate(names, topic, rounds:)` | Round-robin critique — each sees the bus tail |
48
+ | `agent_broadcast(request)` | Fan-out; returns `{name => reply}` for voting |
49
+ | `swarm_bus(swarm_id)` | Tail a bus to inspect a prior/concurrent conversation |
50
+ | `swarm_list` | Find a `swarm_id` to resume |
51
+
52
+ ## Example: adversarial exploit review
53
+
54
+ ```ruby
55
+ tx = agent_debate(
56
+ names: %w[red_team blue_team exploit_dev],
57
+ topic: 'Target runs Jenkins 2.426.2 on :8080 — plan initial access.',
58
+ rounds: 3
59
+ )
60
+ # later, in a different pwn-ai process:
61
+ agent_ask(name: 'red_team', swarm_id: tx[:swarm_id],
62
+ request: 'blue_team raised WAF concerns — revise the payload.')
63
+ ```
64
+
65
+ Because each persona can pin a **different engine**, the debate is real model
66
+ diversity, not one model role-playing.
67
+
68
+ **See also:** [pwn-ai Agent](pwn-ai-Agent.md) ·
69
+ [Agent Tool Registry](Agent-Tool-Registry.md) · [Sessions](Sessions.md)
70
+
71
+ [← Home](Home.md)